CVE-2023-29495
Description
Improper input validation for some Intel NUC BIOS firmware before version IN0048 may allow a privileged user to potentially enable escalation of privilege via local access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Improper input validation in Intel NUC BIOS firmware before IN0048 allows a privileged user to escalate privileges locally.
Vulnerability
An improper input validation vulnerability exists in the BIOS firmware of certain Intel NUC (Next Unit of Computing) devices prior to version IN0048 [1]. This flaw resides in the firmware's handling of input data, potentially allowing a privileged user to trigger unintended behavior. Affected products include various Intel NUC models; the exact list is provided in the Intel security advisory [1].
Exploitation
Exploitation requires local access to the affected system and a user account with elevated privileges (e.g., administrator or root). The attacker must be able to interact with the BIOS firmware interface or execute code that can send crafted input to the vulnerable component. No network vector is involved; the attack is strictly local [1].
Impact
Successful exploitation could enable an attacker to escalate their privileges further, potentially gaining control over low-level system firmware or bypassing security mechanisms. This could lead to persistent compromise of the device, as firmware-level access can survive operating system reinstallation [1].
Mitigation
Intel has released BIOS version IN0048 to address this vulnerability. Users should update their Intel NUC BIOS to version IN0048 or later, available through the Intel Download Center or system vendor support pages [1]. No workaround is provided; updating the firmware is the only mitigation.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: < IN0048
Patches
No patches discovered yet.